Data Breach at Canada Goose: Over 600,000 Customers Affected
Luxury outerwear brand Canada Goose is currently under investigation after the notorious hacking group ShinyHunters published a 1.67 GB dataset containing over 600,000 customer records on their data leak site this week. The leaked information includes detailed e-commerce order records with customer names, email addresses, phone numbers, billing and shipping addresses, IP addresses, and order histories.
The exposed data also contains partial payment card information, including card brand, the last four digits of card numbers, and in some cases the first six digits (BIN), along with payment authorization metadata. However, Canada Goose maintains that its own systems were not breached directly.
In a statement to security researchers, Canada Goose said: “At this time, we have no indication of any breach of our own systems. We are currently reviewing the newly released dataset to assess its accuracy and scope.” The company emphasized that its review shows no evidence of unmasked financial data being involved.
ShinyHunters claims the dataset originated from a third-party payment processor breach that occurred in August 2025. Security experts warn that even partial customer data can be used for sophisticated phishing campaigns, social engineering attacks, and identity theft targeting the luxury brand’s affluent customer base. The incident highlights the growing vulnerability of third-party supply chains in e-commerce operations.
- Source: TechRadar